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WHAT IS CLAIMED IS: 

1. A method, comprising: 

requesting, by a delegate with a delegation from a delegator, a service from a relying 

party; 

requesting, by the relying party based on the service requested and the delegation, 
credential information from a delegate credential service provider; 

sending, by the delegate credential service provider, the credential information to the 
relying party; 

generating, by the relying party, a service response according to the credential 
information received from the delegate credential service provider; and 
sending the service response to the delegate. 

2. The method according to claim 1, wherein said credential information contains 
credential information about the delegator. 

3. The method according to claim 2, wherein said requesting delegated credential 
comprises: 

generating a credential information request based on the service requested and the 
delegation; 

sending the credential information request to the delegate for an approval that 
authorizes the credenial information request; 

receiving the approval from the delegate; and 
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sending the approved delegated credential request to the delegate credential service 
provider. 

4. The method acording to claim 3, wherein: 

sending the credential information request to the delegate includes sending a request 
for information related to an appropriate delegation; and 

receiving the approval fom the delegate includes receiving the information related to 
an appropriate delegation. 

5. The method according to claim 1, wherein said sending the credential information 
comprises: 

verifying the delegation registered by the delegate and delegator; 
retrieving credential information associated with the delegation; and 
forwarding the retrieved credential information to the relying party. 

6. The method according to claim 1, further comprising: 

subscribing, by the delegate and the delegator, a digital credential service from a 
credential service provider. 

7. The method according to claim 5, further comprising registering, by the delegator, 
the conditions under which pieces of the credential information can be released to relying 
parties. 
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8. A method for a relying party, comprising: 
receiving, from a delegate, a request for a service; 

sending a credential information request to a delegate credential service provider; 
receiving requested credential information from the delegate credential service 
provider; 

verifying the credential information; 

generating a service response based on the results from the verifying and the request 
for the service; and 

sending the service response to the delegate. 

9. The method according to claim 8, wherein said sending the credential information 
request comprises: 

determining the credential information required for the services requested; 
generating the credential information request based on the credential required; 
sending the credential information request to the delegate to obtain an approval; 
receiving the approval from the delegate; and 

sending the credential information request to the delegate credential service provider. 

10. The method according to claim 9, further comprising: 

determining, using the credential required, an appropriate delegation based on which 
the credential information request is constructed. 
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1 1 . The method according to claim 10, wherein said determining the appropriate 
delegation includes one of: 

obtaining the appropriate delegation specified in the request for service sent by the 
delegate; 

selecting the appropriate delegation by the delegate upon receiving the credential 
information request; and 

verifying the appropriate delegation by the delegate credential service provider. 

12. A method for a delegate credential service provider, comprising: 
receiving a service request; 

determining the service type based on the service request; 

registering, if the service type is for subscribing a digital credential service, a user's 
credential information for requested digital credential service; 

registering, if the service type is for delegation service, a delegation between a 
delegator and a delegate, the delegation including delegation terms; 

changing, if the service type is for updating an existing delegation, the terms of an 
existing delegation; and 

providing, if the service request is a credential information request from a relying 
party for credential information required for a service requested by a delegate, credential 
information. 

13. The method according to claim 12, wherein said changing the terms of a 
delegation comprises: 
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receiving, from a user, revised delegation terms; and 

updating the terms of the existing delegation using the revised delegation terms. 

14. The method according to claim 12, wherein said providing delegated credential 
comprises: 

retrieving the requested delegated credential; and 

sending the retrieved delegated credential to the relying party. 

15. The method according to claim 12, further comprising: 

registering by the delegator the conditions under which pieces of the credential 
information can be released to relying parties; and 

detemining, prior to the retrieving, a delegation, between the delegate, who requests 
the service from the relying party, and a delegator, wherein the digital credential information 
of the delegator corresponds to the delegated credential required for the service requested by 
the delegate. 

16. A system for a relying party, comprising: 

a service request processing mechanism for processing a service request for a service 
from a user; 

a credential information request mechanism for obtaining required credential 
information that is necessary for the service from a delegation credential service provider; and 

a service response generation mechanism for generating a service response based on 
the service request and the required credential information. 
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17. The system according to claim 16, further comprising: 

a credential determiner for determining, prior to obtaining credential information, 
required credential information necesssary for the service requested by the user; and 

a credential verification mecanism for verifying the required credential information 
obtained from the delegation credential service provider before the service response is 
generated. 

18. A machine-accessible medium encoded with data, the data, when accessed, 
causing: 

requesting, by a delegate with a delegation from a delegator, a service from a relying 

party; 

requesting, by the relying party based on the service requested and the delegation, 
credential information from the delegate credential service provider; 

sending, by the delegate credential service provider, the credential information to the 
relying party; 

generating, by the relying party, a service response according to the credential 
information, received from the delegate credential service provider; and 
sending the service response to the delegate. 

19. The medium according to claim 18, wherein said requesting delegated credential 
comprises: 
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generating a credential information request based on the service requested and the 
delegation; 

sending the credential information request to the delegate for an approval that 
authorizes the credenial information request; 

receiving the approval from the delegate; and 

sending an approved credential information request to the delegate credential service 
provider. 

20. The medium acording to claim 19, wherein: 

sending the credential information request to the delegate includes sending a request 
for information related to an appropriate delegation; and 

receiving the approval fom the delegate includes receiving the information related to 
an appropriate delegation. 

21. The medium according to claim 18, wherein said sending the credential 
information comprises: 

verifying the delegation registered by the delegate and delegator; 
retrieving credential information associated with the delegation; and 
forwarding the retrieved credential information to the relying party. 

22. The medium according to claim 18, the data, when accessed, further causing: 
subscribing, by the delegate and the delegator, a digital credential service from a 

credential service provider. 
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23. A machine-accessible medium encoded with data related to a relying party, the 
data, when accessed, causing: 

receiving, from a delegate, a request for a service; 

sending a credential information request to a delegate credential service provider; 
receiving the requested credential information from the delegate credential service 
provider; 

verifying the credential information; 

generating a service response based on the results from the verifying and the request 
for the service; and 

sending the service response to the delegate. 

24. The medium according to claim 23, wherein said sending the credential 
information request comprises: 

determining the credential required for the services requested; 
generating the credential information request based on the credential required; 
sending the credential information request to the delegate to obtain a approval; 
receiving the approval from the delegate; and 

sending the credential information request to the delegate credential service provider. 

25. The medium according to claim 24, the data, when accessed, further causing: 
determining, using the credential required, an appropriate delegation based on which 

the credential information request is constructed. 
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26. The medium according to claim 25, wherein the determining the appropriate 
delegation includes one of: 

obtaining the appropriate delegation specified in the request for service sent by the 



selecting the appropriate delegation by the delegate upon receiving the credential 
information request for approval; and 
u verifying the appropriate delegation by the delegate credential service provider. 
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i.l 27 A machine-accessible medium encoded with data related to a delegate credential 
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service provider, the data, when accessed, causing: 
receiving a service request; 



n i determining the service type based on the service request; 

." registering, if the service type is for subscribing a digital credential service, a user's 

credential information for requested digital credential service; 

registering, if the service type is for delegation service, a delegation between a 
delegator and a delegate, the delegation including delegation terms; 

changing, if the service type is for updating an existing delegation, the terms of an 
existing delegation; and 

providing, if the service request is a credential information request from a relying 
party for digital credential information required for a service requested by a delegate, required 
credential information. 
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28. The medium according to claim 27, wherein said updating a delegation comprises: 
receiving, from a user, revised delegation terms; and 

updating the terms of the existing delegation using the revised delegation terms. 

29. The medium according to claim 27, wherein said providing delegate credential 
information comprises: 

retrieving the required delegated credential; and 

sending the retrieved credential information to the relying party. 

30. The medium according to claim 29, the data, when accessed, further causing: 
detemining, prior to the retrieving, a delegation between the delegate, who requests the 

service from the relying party, and a delegator, wherein the digital credential information of 
the delegator corresponds to the credential information required for the service requested by 
the delegate. 
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